CNNVD-202510-1197 Information

CNNVD ID

CNNVD-202510-1197

Related CVE

CVE-2025-61787

• CNNVD Published: 2025-10-08

Description (Chinese)

Deno是Deno开源的一个简单、现代且安全的 JavaScript 和 TypeScript 运行环境。 Deno 2.5.3之前版本和2.2.15之前版本存在命令注入漏洞，该漏洞源于Windows上执行批处理文件时容易受到命令行注入攻击。

Description (English)

Deno is a simple, modern and safe JavaScript and TypeScript operating environment for Deno. Before Deno 2.5.3 and before 2.2.15, there was a command-injecting loophole, which arose from the vulnerability of the command-injection line to the execution of batch processing documents on Windows.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

Deno

Published

2025-10-08

Last Modified

2026-02-24

References

https://github.com/denoland/deno/commit/8a0990ccd37bafd8768176ca64b906ba2da2d822 https://github.com/denoland/deno/pull/30818 https://github.com/denoland/deno/releases/tag/v2.2.15 https://github.com/denoland/deno/releases/tag/v2.5.3 https://github.com/denoland/deno/security/advisories/GHSA-m2gf-x3f6-8hq3 https://access.redhat.com/security/cve/cve-2025-61787

Patch

https://deno.com/